HackDig : Dig high-quality web security articles for hacker

OpenSSL patches two low and medium severity vulnerabilities that were discovered by using Google’s open source OSS-Fuzz fuzzing service.
The medium severity vulnerability tracked as CVE-2017-3736 was addressed with the release of OpenSSL 1.1.0g and 1.0.2m.
The flaw is a carry propagating bug in the x86_64 Montgomery squaring procedure, it affects processors

Google has launched Google Play Security Reward, the bug bounty program that will pay $1,000 rewards for flaws in popular apps.
Google has officially launched a bug bounty program for Android apps on Google Play Store, a measure that aims to improve the security of Android apps. The initiative, called Google Play Security Reward, will involve the security c

Google security experts disclosed seven distinct vulnerabilities in the Dnsmasq software package.
Regardless of what you may think of Google as a company, it is difficult to criticize their prolific and in-depth security research. The latest example is their disclosure of seven distinct issues in the Dnsmasq software package.
From the authors’ website,

A hacker using the online moniker of ‘Kuroi’SH’ defaced the Google Brazil domain on Tuesday afternoon; this isn’t the first high-profile target he breached.
A hacker using the online moniker of ‘Kuroi’SH’ defaced the official Google Brazil domain on Tuesday afternoon. The defaced page displayed a message greeting his friends for

Google continues the ongoing effort to communicate the transport security status of a given page, labeling resources delivered via FTP as “Not secure” in Chrome.
Last week, Google announced that future versions of Chrome will label resources delivered via the File Transfer Protocol (FTP) as “Not secure.”
The security improvement will be implement

A half dozen technology and security companies — some of them competitors — issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle ‘WireX,’ an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this mon

Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out th

Google has identified a new strain of Android malware, the Lipizzan spyware, that could be used as a powerful surveillance tool.
Malware researchers at Google have spotted a new strain of Android spyware dubbed Lipizzan that could exfiltrate any kind of data from mobile devices and use them as surveillance tools.
The Lipizzan spyware is a project developed

A Lithuanian court on Monday ruled for the extradition of a man to the US to face charges of allegedly swindling $100M from Google and Facebook via an email scam.
A Lithuanian man who is allegedly responsible for a $100 million scam (roughly 87 million euros) from tech companies Google and Facebook will be extradited to the United States soon.
The Lithuanian citizen

Last month KrebsOnSecurity published research into a large distributed network of apparently compromised systems being used to relay huge blasts of junk email promoting “online dating” programs — affiliate-driven schemes traditionally overrun with automated accounts posing as women. New research suggests that another bot-promoting botnet of

Google warned of a serious flaw dubbed BroadPwn in some Broadcom Wi-Fi chipsets that potentially impacts millions of Android devices.
Google published the monthly security update for Android devices and warned of a serious flaw, dubbed BroadPWN, in some Broadcom Wi-Fi chipsets that potentially impacts millions of Android devices, as well as some iPhone mod

It’s been almost three years since Google first announced its intention to add end-to-end encryption to Gmail. However, the free email service is yet to provide users with that feature. Although the Internet giant insists that it was never a bluff, one of the company’s latest moves has reignited the criticism.
Recently, a spokesperson from Goo

Malicious ads in Google search results for the US retail giant Target redirected users to a tech support scam.
The malvertising campaign was first reported last week by a US user who posted his observations to a StackExchange thread and was then reported by Bleepingcomputer.com.
Just querying Google for the term “target,” users were displayed on

Researchers at Georgia Institute of Technology have discovered a new attack against Android OS, dubbed ‘Cloak and Dagger,’ that puts millions of devices at risk.
Security researchers at Georgia Institute of Technology have discovered a new attack, dubbed ‘Cloak and Dagger’, that allows taking full control of Android devices.
The ‘Cloak a

Adobe and Microsoft both issued updates today to fix critical security vulnerabilities in their software. Microsoft actually released an emergency update on Monday just hours ahead of today’s regularly scheduled “Patch Tuesday” (the 2nd Tuesday of each month) to fix a dangerous flaw present in most of Microsoft’s anti-malware technolo